Thank you for the resolution Trevoli. On Thursday, May 14, 2026 at 2:28:15 AM UTC+5:30 Trevoli Ponds-White wrote:
> This should be resolved for the Amazon Trust Services ICAs now. > > On Tuesday, May 12, 2026 at 9:41:53 AM UTC-7 Trevoli Ponds-White wrote: > >> Hi Anupama, we think this might be an issue on our side when we imported >> the pem file. Not a CCADB issue. Our team is looking into this now. >> >> Thanks, >> Trevoli Ponds-White >> Amazon Trust Services >> >> On Monday, May 11, 2026 at 11:22:52 AM UTC-7 Anupama M wrote: >> >>> Hi Mozilla Team, >>> >>> Reporting a regression in the PEM column of >>> MozillaIntermediateCertsCSVReport (snapshot 2026-05-07) downloaded from >>> https://ccadb.my.salesforce-sites.com/mozilla/MozillaIntermediateCertsCSVReport >>> . >>> >>> 18 rows have a blank line directly after the pre-encapsulation boundary >>> — the byte sequence is -----BEGIN CERTIFICATE-----\n\nMII… instead of >>> -----BEGIN >>> CERTIFICATE-----\nMII…. This violates RFC 7468 §3 ("There is no blank >>> line between the pre-encapsulation boundary and the encapsulated text") and >>> is rejected outright by strict PEM parsers. The same bug also appears to >>> throw the wrap counter for the rest of the body in those 18 rows, producing >>> pathological 64/1/62/2/… line widths. >>> >>> The underlying certificate data is fine — every PEM still decodes to a >>> cert whose SHA-256 matches the row's SHA256 column — so this is purely >>> a CSV-generator regression. >>> >>> Affected rows are all Amazon S-series intermediates: >>> >>> - Amazon ECDSA 256 S06–S09 (4 certs, issued by Amazon Root CA 4) >>> - Amazon ECDSA 384 S06–S13 (8 certs, issued by Amazon Root CA 4) >>> - Amazon RSA 2048 S06–S11 (6 certs, issued by Amazon Root CA 1) >>> >>> Happy to share the full list of 18 SHA-256s or the analysis script if >>> useful. >>> >>> Thanks, >>> >>> Anupama M >>> >> -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/f9d54a00-a003-4e7c-87c3-5ca5a245e587n%40mozilla.org.
